zentol commented on a change in pull request #12682:
URL: https://github.com/apache/flink/pull/12682#discussion_r441341436
##########
File path:
flink-connectors/flink-sql-connector-hive-1.2.2/src/main/resources/META-INF/NOTICE
##########
@@ -8,6 +8,41 @@ This project bundles the following dependencies under the
Apache Software Licens
- org.apache.hive:hive-exec:1.2.2
- org.apache.hive:hive-metastore:1.2.2
+- org.apache.hive:hive-common:1.2.2
+- org.apache.hive:hive-serde:1.2.2
+- org.apache.hive.shims:hive-shims-0.20S:1.2.2
+- org.apache.hive.shims:hive-shims-0.23:1.2.2
+- org.apache.hive.shims:hive-shims-common:1.2.2
+- org.apache.hive:spark-client:1.2.2
+- com.twitter:parquet-hadoop-bundle:1.6.0
+- org.apache.thrift:libthrift:0.9.2
- org.apache.thrift:libfb303:0.9.2
- org.apache.orc:orc-core:1.4.3
- io.airlift:aircompressor:0.8
+- commons-lang:commons-lang:2.6
+- org.apache.commons:commons-lang3:3.1
+- org.apache.avro:avro:1.7.5
+- org.apache.avro:avro-mapred:1.7.5
+- com.googlecode.javaewah:JavaEWAH:0.3.2
+- org.iq80.snappy:snappy:0.2
+- org.codehaus.jackson:jackson-core-asl:1.9.2
+- org.codehaus.jackson:jackson-mapper-asl:1.9.2
+- com.google.guava:guava:14.0.1
+- net.sf.opencsv:opencsv:2.3
+- joda-time:joda-time:2.5
+- org.objenesis:objenesis:1.2
+
+This project bundles the following dependencies under the BSD license.
+See bundled license files for details.
+
+- com.esotericsoftware.kryo:kryo:2.22
+- org.jodd:jodd-core:3.5.2
+- javolution:javolution:5.5.1
+- com.google.protobuf:protobuf-java:2.5.0
+- com.esotericsoftware.minlog:minlog:1.2
+- com.esotericsoftware.reflectasm:reflectasm:1.07
+
+This project bundles the following dependencies under the JSON license.
Review comment:
> Does that mean we're allowed to bundle JSON libraries released before
that date?
If you were able to find a distro were the license is different sure, But I
looked at the oldest release available in maven central, and it still had the
problematic passage.
> Alternatively, if we exclude JSON from the shaded jar, i.e. by filtering
out org/json/** from hive-exec, will that solve the problem here?
Well, yes and no. Ultimately, by virtue of containing a category-X
dependency, hive-exec is also category-x. We could filter out json.org:json
here, indeed. But what about all the other dependencies to hive-exec? Those
cannot state that we only depend on the non-json stuff.
So if a user checks out the Flink source, and runs some hive example or
whatnot, then this must not pull in json.org:json. And I don't believe this to
be feasible.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
